CSV Injection in CSV files generated by the backend in limesurvey/limesurvey
Mar 12th 2023
1 login in https://demo.limesurvey.org/index.php
2 the demo admin create a user with name "=1+cmd|'/C calc'!A0".
4 other users login and download all the users' data as csv.
5 other users open the csv file with execl in windows, notice that choose ";" as separator as.
6 we can see that the calculator is opened.
see the poc : https://1drv.ms/v/s!AksJ421iyCG-mTLhbaTcZ8yrfDaq?e=5zhBH5
see https://owasp.org/www-community/attacks/CSV_Injection to fix it.
# Impact Hijacking the user’s computer Exfiltrating contents from the spreadsheet, or other open spreadsheets.
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Carsten Schmitz validated this vulnerability 2 months ago
lujiefsi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carsten Schmitz marked this as fixed in 5.6.11 with commit 953122 2 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
This vulnerability is scheduled to go public on Mar 27th 2023
to join this conversation